From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35898)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1X5uw8-0006ga-3t
	for qemu-devel@nongnu.org; Sat, 12 Jul 2014 06:53:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1X5uw3-0004mT-8m
	for qemu-devel@nongnu.org; Sat, 12 Jul 2014 06:53:48 -0400
Received: from mail-la0-f49.google.com ([209.85.215.49]:34883)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1X5uw3-0004lO-25
	for qemu-devel@nongnu.org; Sat, 12 Jul 2014 06:53:43 -0400
Received: by mail-la0-f49.google.com with SMTP id gf5so1585822lab.22
	for <qemu-devel@nongnu.org>; Sat, 12 Jul 2014 03:53:42 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <1405158390-27397-1-git-send-email-Joakim.Tjernlund@transmode.se>
References: <1405158390-27397-1-git-send-email-Joakim.Tjernlund@transmode.se>
From: Peter Maydell <peter.maydell@linaro.org>
Date: Sat, 12 Jul 2014 11:53:21 +0100
Message-ID: <CAFEAcA9Fq6e6ahHzvzWmBKNyHrhpWkgmpiPDSBu+Z7qvJrxkVg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [Qemu-devel] [PATCH 1/2 v2] qemu-user: Impl.
	setsockopt(SO_BINDTODEVICE)
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Cc: QEMU Developers <qemu-devel@nongnu.org>

On 12 July 2014 10:46, Joakim Tjernlund <Joakim.Tjernlund@transmode.se> wrote:
> ---
>  linux-user/syscall.c | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 57c1664..5a07d9c 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1497,6 +1497,25 @@ set_timeout:
>                  unlock_user_struct(tfprog, optval_addr, 1);
>                  return ret;
>          }
> +       case TARGET_SO_BINDTODEVICE:
> +       {
> +               char *dev_ifname, *addr_ifname;
> +
> +               dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
> +               if (!dev_ifname) {
> +                       return -TARGET_EFAULT;
> +               }
> +               if (optlen > IFNAMSIZ - 1) {
> +                       optlen = IFNAMSIZ - 1;
> +               }

This needs to go before the lock_user, not after.

> +               optname = SO_BINDTODEVICE;
> +               addr_ifname = alloca(IFNAMSIZ);
> +               memcpy(addr_ifname, dev_ifname, IFNAMSIZ);

You can't memcpy IFNAMSIZ bytes here because your source
might be shorter than that. memcpy() optlen bytes and set
addr_ifname[optlen] to 0.

> +               addr_ifname[IFNAMSIZ - 1] = 0;
> +               ret = get_errno(setsockopt(sockfd, level, optname, addr_ifname, optlen));
> +               unlock_user (dev_ifname, optval_addr, 0);
> +               return ret;
> +       }
>              /* Options with 'int' argument.  */
>          case TARGET_SO_DEBUG:
>                 optname = SO_DEBUG;
> --
> 1.8.5.5

Otherwise looks good; thanks.

thanks
-- PMM